First, modify the listening port number in the/etc/httpd/conf/httpd.conf file
Listen 80
Change the 80 to the required number, such as 8000, i.e.
Listen 8000
Second, view the SELinux HTTP-related ports
Check if SELinux is enabled # sestatus-v |grep selinux
SELinux status:enabled #表示启用
Check if Semanage installs # Rpm-qa |grep Policycoreutils-python
If not installed, please install the Toolkit # Yum Install Policycoreutils-python
# Semanage Port-l|grep http
http_cache_port_t TCP 3128, 8080, 8118, 10001-10010
http_cache_port_t UDP 3130
http_port_t TCP 80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t TCP 5988
pegasus_https_port_t TCP 5989
Discovery 8000 is not within its scope, so it needs to be added in the following way:
# semanage Port-a-T http_port_t-p TCP 8000
Look again,
# Semanage Port-l|grep http
http_cache_port_t TCP 3128, 8080, 8118, 10001-10010
http_cache_port_t UDP 3130
http_port_t TCP 8000, 80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t TCP 5988
pegasus_https_port_t TCP 5989
Third, open the newly added port in the firewall
Modify the/etc/sysconfig/iptables file to add the file as a line:
-A input-m state--state new-m tcp-p TCP--dport 8008-j ACCEPT
Four, restart the firewall and Apache
# Service Iptables Restart
# Service httpd Restart
Under normal circumstances, you should be able to access Web services through a new port.
Note:
1, combined second step is in the system has been turned on SELinux and firewall settings, if the two services have been closed, modify the port after the direct restart of Apache can;
2, the modified port number can be executed #semanage port-l|grep HTTP, the default already has a port, such as 8443, which can be omitted to add additional SELinux port operation;
3, the third step can be completed under the graphical interface.
Resources
1, Permission denied:make_sock:could not bind to address
Http://emmune.blogspot.com/2009/07/permission-denied-makesock-could-not.html
Not familiar with Python, Plone, Zope, want to use Apache. 80 port is no longer in, requisition 81 port do it. After modifying httpd.conf apachectl start, results:
(13) Permission denied:make_sock:could not bind to address [::]:81
(13) Permission denied:make_sock:could not bind to address 0.0.0.0:81
Check the SELinux HTTP-related ports semanage Port-l|grep http, results:
http_cache_port_t TCP 3128, 8080, 8118, 10001-10010
http_cache_port_t UDP 3130
http_port_t TCP 80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t TCP 5988
pegasus_https_port_t TCP 5989
Directly with man Semanage The last example of a sentence
# Allow Apache to listen on port 81
Semanage port-a-t http_port_t-p TCP 81
And then Apachectl Start,ok. Use domain name: 81 can be visited.
Note: semanage
Semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from P Olicy sources. This includes the mapping from Linux usernames to SELinux user identities (which controls the initial security context igned to Linux users while they login and bounds their authorized role set) as well as security context mappings for Variou s kinds of objects, such as network ports, interfaces, and nodes (hosts) as well as the file context mapping. See the EXAMPLES sections below for some EXAMPLES of common usage. Note that the semanage login command deals with the mapping from Linux usernames (logins) to SELinux user identities, Whil E The semanage user command deals with the mapping from SELinux user identities to authorized role sets. In very cases, only the former mapping needs to be adjusted by the Administrator; The latter is principally defined by the base policy and usually does not require modification.
2, Linux Apche can not listen to the port solution
Http://www.zzxj.net/blog/fxs_2008/archive/2010/07/05/187.html
Want to build a test with the virtual host, encountered this problem:
[[Email protected] html]# service httpd start
Starting httpd:httpd:Could not reliably determine the server ' s fully qualified domain name, using Localhost.termwikidev For ServerName
(13) Permission denied:make_sock:could not bind to address [::]:81
(13) Permission denied:make_sock:could not bind to address 0.0.0.0:81
No listening sockets available, shutting down
Unable to open logs
Workaround:
Semanage Port-l|grep http
Semanage port-a-t http_port_t-p TCP 81
This two command one is to view, one is to add, add and then review again, if there are 81, then success. You may also want to run as root user.
In addition, if you want to access the network, also open the Linux firewall:
[Email protected] html]# Vim/etc/sysconfig/iptables
[Email protected] html]# service iptables restart
Restart Apache.
Related information:
Starting httpd Permission denied Make_sock could not bind to address2010 year January 19 Tuesday 11:33in Fedora Core 5/6 and RHEL 5. We have made it easier to customize certain common parts of SELinux. In previous releases of the SELinux if you wanted to change simple things like which port a daemon could listen to, you would Need to write policy. Now we have the Semanage utility.
SELinux assigns types to all network ports on a system. By default all ports is labeled reserved_port_t and All ports > 1024x768 is labeled port_t. If a port is assigned to a particular type
Say the HTTP port, it has an assigned type of http_port_t. If you want the assigned ports in SELinux, you can use the Semanage tool, Semanage port-l.
So if you executed
Semanage Port-l | grep http
http_cache_port_t TCP 3128, 8080, 8118
http_cache_port_t UDP 3130
http_port_t TCP 80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t TCP 5988
pegasus_https_port_t TCP 5989
Here we see http_port_t are assigned to ports 80, 443, 488, 8008, 8009, 8443
The policy is written to allow httpd_t Http_port_t:tcp_socket name_bind;
This means the Apache command can "bind" to a port that is labeled http_port_t.
So lets say the want to run httpd on port 81.
So you edit/etc/httpd/http.conf
and change this line
Listen 80
To
Listen 81
Now restart the daemon.
Service httpd Restart
stopping httpd: [OK]
Starting httpd: (+) Permission denied:make_sock:could not bind to address [::]:81
(13) Permission denied:make_sock:could not bind to address 0.0.0.0:81
No listening sockets available, shutting down
Unable to open logs
[FAILED]
Now the daemon fails to start because it can not bind to port 81.
This generates a AVC that looks like
----
Time->tue Dec 12 17:37:49 2006
Type=syscall Msg=audit (1165963069.248:852): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bf96a830 a2=b5b1e8 A3 =9e58b68 items=0 ppid=21133 pid=21134 auid=3267 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 comm="ht TPD "exe="/usr/sbin/httpd "Subj=user_u:system_r:httpd_t:s0 key= (NULL)
TYPE=AVC Msg=audit (1165963069.248:852): avc:denied {name_bind} for pid=21134 comm= "httpd" src=81 scontext=user_u:syste M_r:httpd_t:s0 Tcontext=system_u:object_r:reserved_port_t:s0 Tclass=tcp_socket
To fix this can use Semanage to add the port
Semanage port-a-t http_port_t-p TCP 81
Service httpd Start
Starting httpd: [OK]
How to change the Apache port number under Linux